The state-sponsored attackers behind a breach that News Corp disclosed last year had already been on its network for nearly two years by that time, the publishing giant has disclosed. In a letter to employees last week, News Corp said an investigation of the incident showed the intruder first broke into its network in February 2020 and remained on it until discovered on Jan. 20, 2022.
Already smarting from a breach that put partially encrypted login data into a threat actor's hands, LastPass on Monday said that the same attacker hacked an employee's home computer and obtained a decrypted vault available to only a handful of company developers. Although an initial intrusion into LastPass ended on August 12, officials with the leading password manager said the threat actor "was actively engaged in a new series of reconnaissance, enumeration, and exfiltration activity" until August 26.
A cyberattack on a Boston-based labor union's health fund resulted in the loss of $6.4 million, but it does not appear that the personal information of members was stolen or compromised, union officials said. Federal and local law enforcement agencies were notified of the attack at Pipefitters Local 537 that was discovered Feb. 7 and the union retained a cyber security forensic investigator, union business manager/financial secretary-treasurer Daniel O'Brien said in a message to members.
A series of distributed-denial-of-service (DDoS) attacks shut down nine Danish hospitals' websites for a few hours on Sunday, but did not have any life-threatening impact on the medical centers' operations or digital infrastructure. Copenhagen's health authority confirmed the outages in a tweet, and directed patients to an emergency page with the hospitals' phone numbers.
Cyber attack risks faced by businesses across states and reported data breaches are relative to the respective state governments' cybersecurity investment, according to Network Assured. Network Assured compared data from State Attorneys General and the Department of Health and Human Services (HHS) Centers for Medicare and Medicaid Services (CMS) Office of Civil Rights (OCR), along with public reporting of state budgets for cybersecurity.
This year started off with a bang, with critical infrastructure attacks - both physical and cyber - at an all-time high. The Cybersecurity and Infrastructure Security Agency (CISA) released 12 industrial control system (ICS) advisories warning of critical security flaws, while the hacker group GhostSec, aka Anonymous Operations, claimed to have used ransomware in encrypting an industrial remote terminal unit of the type relied on by critical infrastructure.
Cybersecurity and Infrastructure Security Agency Director Jen Easterly called for a transformative shift to put the onus on the technology industry to infuse security into their products during the design phase. Easterly, speaking Monday in an address at Carnegie Mellon University, said we can no longer continue blaming and shaming technology customers that are being targeted by sophisticated adversaries - including nation-state adversaries like China and Russia - after they are targeted for attack.
A critical vulnerability affecting the Houzez premium WordPress theme has been exploited in the wild, WordPress security company Patchstack warned on Monday. Houzez is a premium theme for the real estate industry. Patchstack CTO Dave Jong discovered recently that the Houzez theme and its associated Houzez Login Register plugin are impacted by a critical vulnerability that can allow an unauthenticated attacker to hack WordPress websites.